Commit
8d952c8c
authored
Dec 03, 2020
by
Jérome Perrin
stack/erp5: make haproxy listening on both old apache + old proxy ports
parent
123d5ccf
Showing
3 changed files
with
17 additions
and
8 deletions
+17
-8
stack/erp5/buildout.hash.cfg
stack/erp5/buildout.hash.cfg
+2
-2
stack/erp5/haproxy.cfg.in
stack/erp5/haproxy.cfg.in
+11
-1
stack/erp5/instance-balancer.cfg.in
stack/erp5/instance-balancer.cfg.in
+4
-5
stack/erp5/buildout.hash.cfg
...
@@ -90,11 +90,11 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
...
@@ -90,11 +90,11 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
[template-balancer]
[template-balancer]
filename = instance-balancer.cfg.in
filename = instance-balancer.cfg.in
md5sum =
4a119083eab1eadbaf44468eb4f3381f
md5sum =
abbf7a437e582c994c9f3a5b4edfc6f0
[template-haproxy-cfg]
[template-haproxy-cfg]
filename = haproxy.cfg.in
filename = haproxy.cfg.in
md5sum =
8de18a61607bd66341a44b95640d293f
md5sum =
7149e973ab1f6c1cb31b1ca33638c145
[template-rsyslogd-cfg]
[template-rsyslogd-cfg]
filename = rsyslogd.cfg.in
filename = rsyslogd.cfg.in
...
...
stack/erp5/haproxy.cfg.in
...
@@ -46,6 +46,7 @@
...
@@ -46,6 +46,7 @@
# "backend-dict": {
# "backend-dict": {
# "family-secure": {
# "family-secure": {
# ( 8000, # port int
# ( 8000, # port int
# 18000, # legacy_port int
# 'https', # proto str
# 'https', # proto str
# True, # ssl_required bool
# True, # ssl_required bool
# [ # backends
# [ # backends
...
@@ -57,6 +58,7 @@
...
@@ -57,6 +58,7 @@
# },
# },
# "family-default": {
# "family-default": {
# ( 8002, # port int
# ( 8002, # port int
# 18002, # legacy_port int
# 'https', # proto str
# 'https', # proto str
# False, # ssl_required bool
# False, # ssl_required bool
# [ # backends
# [ # backends
...
@@ -88,10 +90,16 @@
...
@@ -88,10 +90,16 @@
# - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
# - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
# only accepting requests from clients providing a verified TLS certificate
# only accepting requests from clients providing a verified TLS certificate
# emitted by a CA from `ca-cert` and not revoked in `crl`.
# emitted by a CA from `ca-cert` and not revoked in `crl`.
# For historical reasons, they will also listen on the legacy port:
# - 0.0.0.0:18000 redirecting internaly to http://10.0.0.10:8001 and
# - [::1]:18000 redirecting internaly to http://10.0.0.10:8001
# For "family-default":
# For "family-default":
# - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
# - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
# accepting requests from any client.
# accepting requests from any client.
# For historical reasons, they will also listen on the legacy port:
# - 0.0.0.0:18002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:18002 redirecting internaly to http://10.0.0.10:8003
#
#
# For both families, X-Forwarded-For header will be stripped unless
# For both families, X-Forwarded-For header will be stripped unless
# client presents a certificate that can be verified with `ca-cert` and `crl`.
# client presents a certificate that can be verified with `ca-cert` and `crl`.
...
@@ -148,7 +156,7 @@ defaults
...
@@ -148,7 +156,7 @@ defaults
{% set bind_ssl_crt = 'ssl crt ' ~ parameter_dict['cert'] ~ ' alpn h2,http/1.1' %}
{% set bind_ssl_crt = 'ssl crt ' ~ parameter_dict['cert'] ~ ' alpn h2,http/1.1' %}
{% for name, (port, _, certificate_authentication, backend_list) in sorted(parameter_dict['backend-dict'].iteritems()) -%}
{% for name, (port,
legacy_port,
_, certificate_authentication, backend_list) in sorted(parameter_dict['backend-dict'].iteritems()) -%}
listen family_{{ name }}
listen family_{{ name }}
{%- if parameter_dict.get('ca-cert') -%}
{%- if parameter_dict.get('ca-cert') -%}
{%- set ssl_auth = ' ca-file ' ~ parameter_dict['ca-cert'] ~ ' verify' ~ ( ' required' if certificate_authentication else ' optional' ) ~ ' crl-file ' ~ parameter_dict['crl'] %}
{%- set ssl_auth = ' ca-file ' ~ parameter_dict['ca-cert'] ~ ' verify' ~ ( ' required' if certificate_authentication else ' optional' ) ~ ' crl-file ' ~ parameter_dict['crl'] %}
...
@@ -157,6 +165,8 @@ listen family_{{ name }}
...
@@ -157,6 +165,8 @@ listen family_{{ name }}
{%- endif %}
{%- endif %}
bind {{ parameter_dict['ipv4'] }}:{{ port }} {{ bind_ssl_crt }} {{ ssl_auth }}
bind {{ parameter_dict['ipv4'] }}:{{ port }} {{ bind_ssl_crt }} {{ ssl_auth }}
bind {{ parameter_dict['ipv6'] }}:{{ port }} {{ bind_ssl_crt }} {{ ssl_auth }}
bind {{ parameter_dict['ipv6'] }}:{{ port }} {{ bind_ssl_crt }} {{ ssl_auth }}
bind {{ parameter_dict['ipv4'] }}:{{ legacy_port }} {{ bind_ssl_crt }} {{ ssl_auth }}
bind {{ parameter_dict['ipv6'] }}:{{ legacy_port }} {{ bind_ssl_crt }} {{ ssl_auth }}
cookie SERVERID rewrite
cookie SERVERID rewrite
http-request set-header X-Balancer-Current-Cookie SERVERID
http-request set-header X-Balancer-Current-Cookie SERVERID
...
...
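Review bot: The two added `bind ... :{{ legacy_port }}` lines have no comment marking them as a compatibility listener that must keep the same `{{ bind_ssl_crt }} {{ ssl_auth }}` options as the primary binds. If a later edit dropped `ssl_auth` from them, a family rendered with `verify required` would be reachable on the legacy port without client-certificate verification, and the X-Forwarded-For stripping described in the header comment relies on that verification too. I would add a template comment above them such as `{# legacy port: must carry exactly the same TLS and client-certificate options as the binds above #}`. Separately, the loop now unpacks five values per `backend-dict` entry, so any other producer of that dict still passing four values would presumably make rendering fail; callers outside this file are worth checking. The `listen family_{{ name }}` block continues outside the hunk.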
stack/erp5/instance-balancer.cfg.in
...
@@ -166,11 +166,10 @@ update-command = ${:command}
...
@@ -166,11 +166,10 @@ update-command = ${:command}
{#
{#
# We use to have haproxy then apache, now haproxy is playing apache's role
# We use to have haproxy then apache, now haproxy is playing apache's role
# To keep port stable
, we consume one port so that haproxy use the same port
# To keep port stable
s, we make haproxy listen on both ports (the one
#
that apache was using before
.
#
apache was using + the one haproxy was using)
.
-#}
-#}
{% set _ = next_port() -%}
{% set legacy_haproxy_port = next_port() -%}
{% set haproxy_port = next_port() -%}
{% set haproxy_port = next_port() -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% set backend_path = slapparameter_dict['backend-path-dict'][family_name] -%}
{% if has_webdav -%}
{% if has_webdav -%}
...
@@ -178,7 +177,7 @@ update-command = ${:command}
...
@@ -178,7 +177,7 @@ update-command = ${:command}
{% else %}
{% else %}
{% set external_scheme = 'https' -%}
{% set external_scheme = 'https' -%}
{% endif -%}
{% endif -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port, external_scheme, slapparameter_dict['ssl-authentication-dict'].get(family_name, False), zope_family_address_list)) -%}
{% do haproxy_dict.__setitem__(family_name, (haproxy_port,
legacy_haproxy_port,
external_scheme, slapparameter_dict['ssl-authentication-dict'].get(family_name, False), zope_family_address_list)) -%}
{% endfor -%}
{% endfor -%}
[haproxy-cfg-parameter-dict]
[haproxy-cfg-parameter-dict]
...
...
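Review bot: The rewritten comment above `{% set legacy_haproxy_port = next_port() -%}` explains why two ports are allocated, but it does not say that the legacy port is served with the same certificate and `ssl-authentication-dict` policy as `haproxy_port` (per the haproxy.cfg.in change in this commit), nor when the extra listener can be removed. Every family now exposes a second listening port, so I would extend the comment with a line such as `# The legacy port uses the same TLS / client-certificate settings as the main port; drop it once no client connects to it.` Whatever publishes, monitors or filters `haproxy_port` is not visible in this hunk and presumably needs to cover `legacy_haproxy_port` as well. The enclosing `{% for %}` loop starts outside the hunk.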